CVE-2019-20636 – kernel: out-of-bounds write via crafted keycode table
https://notcve.org/view.php?id=CVE-2019-20636
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. En el kernel de Linux versiones anteriores a 5.4.12, el archivo drivers/input/input.c presenta escrituras fuera de límites por medio de una tabla de códigos clave diseñada, como es demostrado en la función input_set_keycode, también se conoce como CID-cb222aed03d7. An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb222aed03d798fc074be55e59d9a112338ee784 https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee784 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200430-0004 https://access.redhat.com/security/cve/CVE-2019-20 • CWE-787: Out-of-bounds Write •
CVE-2020-8835 – Linux kernel bpf verifier vulnerability
https://notcve.org/view.php?id=CVE-2020-8835
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) En el kernel de Linux versiones 5.5.0 y más recientes, el verificador bpf (kernel/bpf/verifier.c) no restringió apropiadamente los límites de registro para operaciones de 32 bits, conllevando a lecturas y escrituras fuera de límites en la memoria del kernel. La vulnerabilidad también afecta a la serie estable de Linux versión 5.4, comenzando con la versión v5.4.7, ya que el commit de introducción fue respaldado en esa derivación. • https://github.com/zilong3033/CVE-2020-8835 https://github.com/digamma-ai/CVE-2020-8835-verification https://github.com/SplendidSky/CVE-2020-8835 https://github.com/Prabhashaka/Exploitation-CVE-2020-8835 https://github.com/johnatag/INF8602-CVE-2020-8835 http://www.openwall.com/lists/oss-security/2021/07/20/1 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef https://git.kernel.org/pub/scm/linux/kernel/git/torvald • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2020-8832 – Ubuntu 18.04 Linux kernel i915 incomplete fix for CVE-2019-14615
https://notcve.org/view.php?id=CVE-2020-8832
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. Se detectó que la solución para el kernel de Linux en Ubuntu versión 18.04 LTS para CVE-2019-14615 ("El kernel de Linux no borró apropiadamente las estructuras de datos en los conmutadores de contexto para determinados procesadores gráficos de Intel") estaba incompleta, lo que significa que en las versiones de kernel anteriores a 4.15.0-91.92, un atacante podría usar esta vulnerabilidad para exponer información confidencial. • https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 https://security.netapp.com/advisory/ntap-20200430-0004 https://usn.ubuntu.com/usn/usn-4302-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •